As GDPR approaches, organisations are focusing on obtaining permission from their customers to continue communicating via specific channels. However, many of these brand owners are neglecting to ensure that those customers are also happy with post-GDPRdata processing – the ways their data will be used.

fastmap has previously written about the potential for using Legitimate Interest as a lawful basis for data processing (and as an alternative to Consent), for those customer segments where it is most relevant. Such an approach requires an understanding of how attitudes towards data processing vary across those segments.

Recent research by fastmap highlights how consumer attitudes towards the way their data is processed can vary greatly. fastmap have researched numerous customer databases and developed an approach that assesses risk based on the proportion of different audience segments that consider an activity ‘reasonable’. The lower the proportion considering it reasonable, the higher the risk, and vice-versa.

Table 1 shows that people are generally open to receiving emails from brands, although there are differences in reaction to other channels with younger age groups much happier to receive communications via Text/SMS and Social Media. A recent conversation with my teenage daughter and her friends about the Facebook/Cambridge Analytica debacle, and their relative lack of concern over the “misuse” of personal data, confirmed the ease with which young people share their data.

However, Table 2 shows how opinion varies significantly across different age groups, when considering what post-GDPR data processes are deemed acceptable. Whereas some consumers will be happy with an organisation using their data for targeting and marketing communications, others may be unwilling for more sensitive techniques (such as wealth profiling) to take place.

We have anonymised the data processes in Table 2, but I can tell you that typically fastmap’s research found that customers/supporters are happy for organisations to use their cookie data and/or transaction history (e.g. to improve customer service), but are less willing for their credit and personal financial data to be used.

Attitudes also vary according to which brand or organisation is undertaking the post-GDPR data processing – see Table 3.

Brand reputation appears to determine what processes a consumer is happy with: a high profile issue with data privacy (e.g. Cambridge Analytica) can quickly cause a hardening of consumer attitudes, and a withdrawal of their consent to undertake certain processes.

And finally, Table 4 shows that attitudes vary even further when we combine age group and brand to create granular segmentation of consumer opinion.

fastmap’s research shows that by understanding your brand’s customer base, you can construct a lawful basis for post-GDPR data processing based on Legitimate Interest whilst continuing to communicate with your customers and use their data in ways that they are happy with.

In this way GDPR compliance becomes a route to competitive advantage: if customers are happy with the way your organisation handles their data, they will engage more willingly with your brand.

For more information about fastmap’s research into GDPR and data protection, Legitimate Interest, Consent and more, visit www.fastmap.com or get in touch with David Cole, Managing Director, fastmap on +44 (0) 20 7242 702 or david.cole@fastmap.com.